4 matches found
CVE-2024-28197
Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent browser and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and...
phpok存储型xss一枚
简要描述: rt 详细说明: PHPOK4.0.556 漏了评论处的 编码转换。 $content = $this-get"content",'html'; type为 html的话 case 'html':$msg = pregreplace$tmp,'',$msg;break; 只过滤了 $tmp = array"//isU","//isU","//isU","//isU","//isU","//isU","//isU","//isU"; 太弱。 审核评论 alert 可获取 浏览该商品的 用户的cookie 以及后台审核时 管理员的 cookie 漏洞证明:...
Mambo 4.6.2 CMS - Session fixation Issue in backend Administration interface
==================================================================================== Team Intell Security Advisory TISA2007-04 ------------------------------------------------------------------------------------ Mambo 4.6.2 CMS - Session fixation Issue in backend Administration interface...
Portix-PHP 0.4 - Cookie Manipulation
Portix-PHP 0.4 - Cookie Manipulation source: https://www.securityfocus.com/bid/4041/info Portix-PHP is freely available web portal software. It is written in PHP and will run on most Unix and Linux variants. Portix-PHP uses non-expiring cookies for session management. It is possible for a malicio...